Skip to content

Switch to Python 3.13 from 3.10.19#3013

Merged
FrankApiyo merged 15 commits intomainfrom
chore/update-requirements-20260210
Feb 17, 2026
Merged

Switch to Python 3.13 from 3.10.19#3013
FrankApiyo merged 15 commits intomainfrom
chore/update-requirements-20260210

Conversation

@ukanga
Copy link
Member

@ukanga ukanga commented Feb 10, 2026
edited
Loading

Changes / Features implemented

  • Switched to Python 3.13 from 3.10.19
  • Switched to dhi.io hardened images
  • Updated to the latest pinned requirements
  • Trivy HTML direct export instead of conversion
  • Use GitHub Token instead of SSH private key setup

@ukanga
chore: update pip requirements
c659c5b 
Update Docker base image to
onaio/python-deps:3.10.19-20260210 and regenerate
all .pip files with latest package versions.

Switch locale from en_US.UTF-8 to C.UTF-8 in
Dockerfile runtime and docs stages, removing the
locales package dependency.
@ukanga
switch to dhi.io hardened image dhi.io/debian-base:bookworm-debian12
71aff96
@ukanga
chore: update pip requirements
4982a55 
Bump boto3 1.42.44->1.42.46, cryptography 46.0.4->46.0.5,
pyxform 4.1.0->4.2.0; add lark 1.3.1 (new pyxform dep).
Unpin pyxform in setup.cfg.
@ukanga
chore: use native Trivy HTML reports, fix yamllint
482c373
@ukanga
chore: pin Trivy scanner to v0.69.1
f31da68
@ukanga
fix: download Trivy HTML template for binary mode
b3c1458
@ukanga
fix: handle empty Fixed Version in Trivy details
7ecf876 
The jq regex used [^\n]+ (one or more) which failed on
vulnerabilities with no fixed version, producing empty
output. Use [^\n]* (zero or more) and sort by severity
before taking top 10 results.
@ukanga ukanga force-pushed the chore/update-requirements-20260210 branch from e9362b7 to f53c81a Compare February 10, 2026 23:32
@ukanga
chore: suppress false-positive CVEs via DHI VEX
f53c81a 
Configure Trivy VEX Hub with Docker Hardened Images
advisories to filter out known non-exploitable CVEs
(e.g. CVE-2023-45853) from scan results.
@ukanga
chore: use dhi.io hardened Python 3.13 images
aa7faf2
@ukanga
Remove this project from the pip files
015a3ae
@ukanga
docker linting
b56117d
@ukanga
chore: use BuildKit secret for GitHub token auth
7230c37 
Replace --mount=type=ssh with --mount=type=secret to
authenticate optional package installs via a GitHub
token over HTTPS instead of SSH agent forwarding.
@ukanga
Remove docker aspects from update requirements skill
17e6190
@ukanga
chore: update pinned requirements
d4193c0 
Regenerate all .pip files with latest dependency
versions using pip-compile.
@ukanga
Remove claude code skill
c75eb75 
still needs refinement
@ukanga ukanga changed the title Chore/update requirements 20260210 Switch to Python 3.13 from 3.10.19 Feb 16, 2026
kelvin-muchiri
kelvin-muchiri reviewed Feb 17, 2026
View reviewed changes
setup.cfg
python-memcached
# XLSForm support
pyxform==4.1.0
pyxform
Copy link
Contributor

@kelvin-muchiri kelvin-muchiri Feb 17, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we not need to pin to an exact version anymore?

Copy link
Member Author

@ukanga ukanga Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is now in .pip file

@FrankApiyo FrankApiyo merged commit 9ab2c4a into main Feb 17, 2026
11 checks passed
@FrankApiyo FrankApiyo deleted the chore/update-requirements-20260210 branch February 17, 2026 08:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kelvin-muchiri kelvin-muchiri kelvin-muchiri approved these changes

@FrankApiyo FrankApiyo FrankApiyo approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ukanga @kelvin-muchiri @FrankApiyo